GitHub Agentic AI Developer GH-600

What is the primary characteristic that distinguishes agentic AI from traditional AI assistants in the software development lifecycle (SDLC)?. The capacity to write code without any human supervision or final validation. The ability to take autonomous actions within the repository rather than just suggesting code. The requirement for higher computing power to process natural language queries. A reliance on local machine environments rather than cloud-based repository access.

Which of the following describes the iterative loop followed by agent workflows?. Code → Review → Deploy. Listen → Process → Respond. Plan → Act → Evaluate. Analyze → Debug → Commit.

In an agent-assisted development environment, how does the developer's role primarily evolve?. The developer focuses exclusively on manual documentation while the agent writes all logic. The developer becomes a passive observer with no direct input into the agent's plan. The developer is no longer responsible for code quality as the agent handles all validation. The developer shifts from writing all code to guiding, supervising, and validating AI systems.

GitHub functions as both the 'system of record' and the 'control plane' for agent activity. Which feature is used as part of the control plane to ensure agent activity is safe?. The local Git history on a developer's machine. Automated code formatting tools like Prettier. Public repository README files. CODEOWNERS and rulesets.

What is the intended purpose of the 'evaluate' phase in the agent workflow lifecycle?. To replace human review entirely with automated scoring. To use system feedback to refine the next step until standards are met. To reset the agent's knowledge base to its original state. To permanently archive the agent's logs without further action.

In the context of agentic workflows, what role do 'status checks' play?. They determine the subscription tier of the user using the agent. They are used to measure the physical temperature of the servers running the AI. They act as part of the control plane to keep agent activity safe and controlled. They provide a way for the agent to check if the developer is currently online.

What does it mean for GitHub to act as the 'system of record' for agents?. It serves as the primary marketing site for the agentic AI product. It is the only place where the AI's training data is stored. It maintains a traceable history of all agent actions, reviews, and changes. It generates a list of top-performing developers who use agents.

Which action is an example of an agent 'acting' inside the SDLC as described in the text?. Simply highlighting syntax errors without offering fixes. Waiting for a human to type a specific function name. Deleting the entire repository history to start over. Suggesting a plan, making changes on a branch, and opening a pull request.

Assistant versus agent?. Produces suggestions or explanations. Does not take repository actions. Requires the user to apply each step manually. Maintain a goal across multiple steps. Decide intermediate actions. Use tools. Create or modify durable artifacts (branch/commits/PR). Iterate based on feedback signals.

Which of the following describes a typical behavior of an assistant-based AI system in a development context?. Opening a pull request with a summary and plan. Providing a checklist of risks for a suggested code change. Independently moving work forward inside a repository. Creating a new branch to address a security vulnerability.

In the context of the Software Development Life Cycle (SDLC), how do agent-based systems interact with tools like the GitHub API?. They only use tools to summarize documentation for the user. They use tools to produce durable outcomes like commits and pull requests. They require the user to manually trigger every tool execution. They avoid using tools to ensure the developer remains in full control.

What does it mean for an AI agent to 'iterate based on feedback signals' in a GitHub environment?. The agent closes the task immediately if a check fails. The agent waits for the user to tell it exactly how to fix an error. The agent creates a new prompt for the user to explain the feedback. The agent revises its work in response to CI checks or review comments.

Which of these is considered a 'durable artifact' that an agentic AI might create or modify?. A list of recommended commands for a terminal. A temporary suggestion visible only in the IDE. A chat response explaining a syntax error. A pull request opened on a specific branch.

How does the role of AI change when it shifts from an assistant pattern to an agentic pattern?. It changes from taking repository actions to providing better suggestions. It changes from a complex system to a simpler, more prompt-focused tool. It changes from a system that helps with development to one that participates in development. It changes from being goal-driven to being purely reactive to user prompts.

When a security alert is filed, an agentic AI might create a branch and update a dependency. What is the final step it typically takes before waiting for review?. Deleting the branch to save storage space. Asking the user to manually write the summary of the changes. Merging the code directly into the main branch. Opening a pull request with a summary and plan.

An AI agent replaces the standard developer workflow by operating outside of branches and pull requests. False. True.

If you ask an AI, 'How do I safely update this dependency?' and it provides a checklist of risks but requires you to create the branch, it is behaving as a(n): Assistant. Agent. Repository. Compiler.

PLAN | ACT | EVALUATE. A structured plan in the pull request description. A linked issue or checklist outlining scope and success criteria. Creating a branch. Changing files and pushing commits. Opening or updating a pull request. Responding to review feedback with revisions. Workflow runs and status checks (build/test/lint). Code review feedback (requested changes, approvals). Security signals (code scanning results, secret scanning alerts, dependency alerts). Code scanning (including SARIF upload workflows).

In the context of the agent lifecycle, what is the primary purpose of the 'Plan' phase?. To interpret the goal and determine the necessary steps to complete it. To provide feedback on a human contributor's code review. To finalize and merge code changes into the default branch. To run automated test suites and security scans.

Which of the following elements makes an agent's plan more reviewable and assessable?. Focusing only on the immediate next step to maintain flexibility. Inclusion of scope, success criteria, and a rollback path. Relying solely on the agent's internal confidence scores. The use of hidden internal states to minimize system noise.

Why is it important for an agent's 'Act' phase to be bounded to specific repository workflows like pull requests?. To prevent uncontrolled direct changes to the default branch. To ensure the agent can complete the task in a single iteration. To allow the agent to bypass organization security policies. To minimize the need for the evaluation phase.

Which of these is considered an objective signal used during the 'Evaluate' phase in GitHub?. The initial goal description provided by the user. The number of lines of code the agent changed. Workflow runs and status checks such as build, test, and lint. The agent's internal estimation of its own performance.

For security-oriented work, what specific type of workflow is mentioned as a component of evaluation?. Automated documentation generation. Randomized penetration testing. Agent self-correction logs. SARIF upload workflows for code scanning.

What should occur if an agent's actions fail a status check or leave a vulnerability unresolved?. The agent automatically merges the changes and notes the error. The lifecycle loops to revise the plan and adjust the actions. The agent deletes the branch and restarts the planning from scratch. The system assumes the goal is impossible and terminates the task.

In a high-quality agent system, what is the consequence of a 'Plan' phase being opaque or hidden?. Trust in the system degrades. The agent requires fewer feedback signals. The evaluation phase becomes automated. The agent's processing speed increases.

The agent lifecycle is a linear sequence that concludes once the evaluation phase is reached. False. True.

What mechanism can turn evaluation into an enforceable gate rather than just a suggestion?. Manual verbal approval from a team lead. The agent's internal success probability. Organization policies and branch protection rulesets. Increasing the number of planning artifacts.

In the context of agentic systems, why is GitHub specifically referred to as the 'system of record'?. It serves as the primary code editor and development environment for AI agents. It acts as a real-time communication channel for human developers only. It provides the raw compute power necessary for agents to execute complex logic. It stores the artifacts through which development work is proposed, evaluated, and inspected.

Which GitHub artifact is primarily responsible for capturing the 'context and intent' of a proposed change in an agentic workflow?. Workflow runs and artifacts. Repositories and branches. Issues and discussions. Commits and pull requests.

What is meant by the 'double duty' that artifacts perform in an agentic workflow?. They function as both source code and compiled executable binaries. They support the development process while also making agent behavior inspectable after the fact. They allow agents to write code while simultaneously training the underlying model. They serve both as a production database and a backup storage system.

What is the primary reason GitHub is considered the 'control plane' for AI agents?. It automatically generates code for agents without human intervention. It acts as a primary hosting provider for the agent's large language model (LLM). It offers a centralized dashboard for monitoring the electricity usage of agent servers. It provides enforcement points that shape and constrain what agent contributions can and cannot do.

In the control plane, what is the specific value of 'Required status checks' for agent-driven changes?. They allow agents to check the online status of their human collaborators. They convert technical evaluation and evidence into an enforceable policy. They provide a way for agents to bypass human reviews if the tests pass. They are used to measure the execution speed of the agent's code.

How does the 'CODEOWNERS' feature function as a control for agents?. It ensures that high-impact changes are routed to and supervised by the correct experts based on file paths. It identifies which AI model was used to generate a specific block of code. It automatically assigns a random developer to review agent-generated code. It restricts agents from viewing any files in high-risk directories.

According to the security principles for GitHub Actions in the control plane, how should workflow token permissions be managed?. Workflow tokens should always have administrative privileges to manage repository settings. Tokens should be granted 'write' access by default to avoid workflow failures. Permissions should be set conservatively by default, such as using read-only access where possible. Agents should be allowed to modify their own token permissions during execution.

What is the critical difference between the 'supervision' model and the 'enforcement' model on GitHub?. There is no difference; the terms are used interchangeably in the source material. Enforcement works everywhere by default, while supervision must be manually enabled by an admin. Supervision is provided by GitHub's storage of artifacts, while enforcement requires specific controls to be turned on. Supervision is only for humans, while enforcement is only for agents.

How do 'Environments' provide a control mechanism for agent-triggered workflows involving sensitive data?. They provide a sandbox where agents can run code without any internet access. They automatically delete any secrets that an agent attempts to use. They encrypt all code changes so that agents cannot read them. They prevent agent-triggered workflows from accessing secrets or deploying until a required human reviewer grants approval.

In the GitHub system of record, what do 'Review history' artifacts specifically represent?. The raw code changes proposed by an agent. Technical evidence of code execution. Decisions regarding the acceptance or rejection of work. The intent and context behind a feature request.